CBL Mariner 2.0 Security Update: c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent (CVE-2024-25629)
The version of c-ares / fluent-bit / grpc / nodejs / nodejs18 / python-gevent installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-25629 advisory. - c-ares is a C library for asynchronous DNS requests...
CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / edk2 / hvloader / kata-containers / kata-containers-cc / nodejs (CVE-2023-5678)
The version of cloud-hypervisor-cvm / edk2 / hvloader / kata-containers / kata-containers-cc / nodejs installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-5678 advisory. - Issue summary: Generating...
CBL Mariner 2.0 Security Update: cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl (CVE-2023-6237)
The version of cloud-hypervisor-cvm / hvloader / nodejs / nodejs18 / openssl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-6237 advisory. - Issue summary: Checking excessively long invalid RSA...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-22019)
The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22019 advisory. - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP reque...
CBL Mariner 2.0 Security Update: nodejs / nodejs18 (CVE-2024-30261)
The version of nodejs / nodejs18 installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-30261 advisory. - Undici is an HTTP/1.1 client, written from scratch for Node.js. An attacker can alter the integri...
[R1] Tenable Identity Exposure Version 3.59.5 Fixes Multiple Vulnerabilities
Arnie Cabral, Tue, 07/02/2024 - 13:24. Tenable Identity Exposure leverages third-party software to help provide underlying functionality. Several of the third-party components (OpenSSL, curl, envoy, nodeJS) were found to conta...
Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...
CVE-2023-38506
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...
CVE-2023-38506 Cross-site Scripting (XSS) when pasting HTML into the rich text editor in Joplin
Joplin is a free, open source note taking and to-do application. A Cross-site Scripting (XSS) vulnerability allows pasting untrusted data into the rich text editor to execute arbitrary code. HTML pasted into the rich text editor is not sanitized or not sanitized properly. As such, the onload...
CVE-2023-38506
Summary of CVE-2023-38506 (Joplin): A Cross-site Scripting (XSS) vulnerability arises when pasting untrusted HTML into Joplin’s rich text editor. HTML pasted into the editor is not properly sanitized, allowing the onload attribute of pasted images to execute arbitrary code. Because the TinyMCE e...
CVE-2024-4603 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-4603 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-30261 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-22017 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-22017 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-27982 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-27982 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-2511 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-2511 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-21890 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-21890 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-22025 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-22025 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-6237 affecting package nodejs for versions less than 20.14.0-1
CVE-2023-6237 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-30260 affecting package nodejs for versions less than 20.14.0-1
CVE-2024-30260 affecting package nodejs for versions less than 20.14.0-1. An upgraded version of the package is available that resolves this issue...